CVE-2023-27290

CRITICAL

IBM Observability with Instana 239-0-239-2, 241-0-241-2, 243-0 - Unauthenticated Data Store Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27290. PoCs published by Shahid Parvez (zippon).

AI-analyzed exploit summary This exploit leverages an authentication bypass vulnerability in IBM Instana's Docker-based datastores (CVE-2023-27290) to interact with various services (e.g., Kafka, Cassandra, ClickHouse) without authentication. It uses command-line tools to query or dump data from exposed services.

Description

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.

Exploits (1)

exploitdb WORKING POC

by Shahid Parvez (zippon) · pythonremotemultiple

https://www.exploit-db.com/exploits/51314

View Code ZIP pw:eip

This exploit leverages an authentication bypass vulnerability in IBM Instana's Docker-based datastores (CVE-2023-27290) to interact with various services (e.g., Kafka, Cassandra, ClickHouse) without authentication. It uses command-line tools to query or dump data from exposed services.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: IBM Instana (versions 239-0 to 239-2, 241-0 to 241-2, 243-0)

No auth needed

Prerequisites: Network access to vulnerable IBM Instana instance · Exposed services (e.g., Kafka, Cassandra) running on default or known ports

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory

https://www.ibm.com/support/pages/node/6959969

VDB Entry, Vendor Advisory vdb-entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/248737

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html

Scores

CVSS v3 9.1

EPSS 0.0857

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (2)

ibm/observability_with_instana 243-0

ibm/observability_with_instana 239-0 - 239-2

Published Mar 03, 2023

Tracked Since Feb 18, 2026